EP3737109B1 - Verification code generation method, data verification method and electronic device - Google Patents
Verification code generation method, data verification method and electronic device Download PDFInfo
- Publication number
- EP3737109B1 EP3737109B1 EP19173251.0A EP19173251A EP3737109B1 EP 3737109 B1 EP3737109 B1 EP 3737109B1 EP 19173251 A EP19173251 A EP 19173251A EP 3737109 B1 EP3737109 B1 EP 3737109B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- verification
- level
- data
- level checksum
- checksum
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012795 verification Methods 0.000 title claims description 265
- 238000000034 method Methods 0.000 title claims description 114
- 238000013524 data verification Methods 0.000 title claims description 32
- AWSBQWZZLBPUQH-UHFFFAOYSA-N mdat Chemical compound C1=C2CC(N)CCC2=CC2=C1OCO2 AWSBQWZZLBPUQH-UHFFFAOYSA-N 0.000 claims description 10
- 239000008186 active pharmaceutical agent Substances 0.000 description 14
- 238000010586 diagram Methods 0.000 description 10
- 230000006870 function Effects 0.000 description 9
- 238000012545 processing Methods 0.000 description 7
- 102100037812 Medium-wave-sensitive opsin 1 Human genes 0.000 description 3
- 230000004913 activation Effects 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/633—Control signals issued by server directed to the network components or client
- H04N21/6332—Control signals issued by server directed to the network components or client directed to client
- H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/24—Monitoring of processes or resources, e.g. monitoring of server load, available bandwidth, upstream requests
- H04N21/2407—Monitoring of transmitted content, e.g. distribution time, number of downloads
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25808—Management of client data
- H04N21/25816—Management of client data involving client authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/647—Control signaling between network components and server or clients; Network processes for video distribution between server and clients, e.g. controlling the quality of the video stream, by dropping packets, protecting content from unauthorised alteration within the network, monitoring of network load, bridging between two different networks, e.g. between IP and wireless
- H04N21/64715—Protecting content from unauthorized alteration within the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/845—Structuring of content, e.g. decomposing content into time segments
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/845—Structuring of content, e.g. decomposing content into time segments
- H04N21/8456—Structuring of content, e.g. decomposing content into time segments by decomposing the content in the time domain, e.g. in time segments
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
Definitions
- the present invention relates to the field of video/audio security and, more particularly, to a verification code generation method, a data verification method and an electronic device.
- US 2017/0075938 A1 discloses systems and methods for storing and verifying data; wherein reference levels are generated according to time intervals, where the first reference level comprises a predetermined number of file time intervals, and where each of the time intervals of the remaining reference levels is comprised of a predetermined number of the time intervals of a previous reference level. Further, hashes of data are created at the first reference level by performing a hashing function on the data in a time-sequenced manner. First reference level time interval hashes are generated by performing the hashing function on the hashes of the data at each of the time intervals of the first reference level.
- Hashes for remaining reference level time intervals are generated by performing file hashing func-tion on the hashes of each of the time intervals of the previous reference level. Further systems and methods for storing and verifying data are disclosed by US 2007/0239961 A1 . With the popularity of video/audio recording devices in the recent years, video/audio security has become essential. In the field of video/audio security, verification codes are a critical technology. In general, a verification code is generated by a complex hash function, and a calculation result of such hash function is thus referred to as a hash value, or referred to as a message digest.
- hash values generated from different data are different, and hence hash values can be used as verification data for determining whether data has been tampered during a transmission process.
- an entire footage not at all edited is used to generate a hash value, or hash processing is individually performed on multiple frames divided from a completely stored video file.
- the above prior art may fail to dynamically generate the verification codes of a part of the data, in a way that a subsequent verification method may fail to verify the integrity of the part of the data.
- the present invention provides a verification code generation method according to independent claim 1, a data verification method according to independent claim 5, and an electronic device according to independent claim 7.
- the dependent claims show further examples of a suchlike verification code generation method, data verification method, and electronic device, respectively.
- a verification code generation method performed in an electronic device is provided according to an embodiment of the present invention, wherein the electronic device is for performing encoding to generate a video/audio stream having multiple data segments.
- the verification code generation method includes the following steps.
- a first-level checksum associated with the data segment is generated, and the first-level checksum is recorded in an accompanying verification file.
- a second-level checksum is generated for W consecutive first-level checksums, and the second-level checksum is recorded in the accompanying verification file.
- a data verification method performed in an electronic device is further provided according to an embodiment of the present invention, wherein the electronic device has the accompanying verification file of the foregoing embodiment stored therein.
- the data verification method includes the following steps. First, according to a starting time of a video/audio under verification, a first-level checksum corresponding to the video/audio under verification is identified from multiple first-level checksums in the accompanying verification file, wherein the first-level checksum includes a first hash value associated with a data segment of the data segments and associated with a timestamp associated with the data segment.
- a second-level checksum covering the first-level checksum corresponding to the video/audio under verification includes a second hash value of multiple first hash values of covered multiple first-level checksums, and multiple timestamps of the covered first-level checksums.
- the electronic device includes an encoding engine, a verification code generation circuit and at least one storage device.
- the encoding engine is for performing encoding to generate a video/audio stream including multiple data segments.
- the storage device stores a first application which is for instructing the electronic device to perform the verification code generation method of the foregoing embodiment.
- the electronic device may further include a verification circuit, and the storage device stores a second application which is for instructing the electronic device to perform the data verification method of the foregoing embodiment.
- FIG. 1 shows a function block diagram of an electronic device provided according to an embodiment of the present invention.
- FIG. 2 shows a flowchart of a verification code generation method provided according to an embodiment of the present invention. It should be noted that, the verification code generation method in FIG. 2 can be performed in the electronic device 10 in FIG. 1 ; however, the present invention does not limit that the verification code generation method in FIG. 2 can be performed only in the electronic device 10 in FIG. 1 .
- the electronic device 10 includes an encoding engine 110, a verification code generation circuit 120 and at least one storage device.
- the storage device in a quantity of one i.e., the storage device 130
- the storage device 130 is given as an example, and such exemplary quantity is not to be construed as a limitation to the present invention.
- the encoding engine 110, the verification code generation circuit 120 and the storage device 130 can be implemented by purely hardware circuits, or be implemented by hardware circuits matched with firmware or software.
- the present invention does not limit the specific implementation form of the electronic device 10, and a person skilled in the art could carry out associated designs according to actual requirements or applications.
- the encoding engine 110, the verification code generation circuit 120 and the storage device 130 can be implemented by purely hardware circuits, or be implemented by hardware circuits matched with firmware or software.
- the present invention does not limit the specific implementation form of the electronic device 10, and a person skilled in the art could carry out associated designs according to actual requirements or applications.
- the storage device 130 is given as an example, and such exemplary quantity is not to be construed as a limitation to the present invention.
- verification code generation circuit 120 is coupled between the encoding engine 110 and the storage device 130, and the encoding engine 110, the verification code generation circuit 120 and the storage device 130 can be integrated together or be separately configured; however, the present invention is not limited to the above.
- the encoding engine 110 is for performing encoding to generate a video/audio stream having multiple data segments.
- the video/audio stream is generated by encoding according to, for example, the MPEG-4 standard.
- each data segment of the video/audio stream can include at least one group of pictures (GOP) or at least one set of media data (mdat).
- the present invention does not limit that the data segments need to individually include the same quantity of GOPs or media data, and the quantity of GOP or media data included in each data segment can be dynamically determined according to the operation capability of the electronic device 10.
- the electronic device 10 can be, for example, a body cam, and thus each data segment can include 5 to 8 GOPs; however, the present invention is not limited to the above.
- the operation principle of generating a video/audio stream by encoding according to the MPEG-4 standard is generally known to a person skilled in the art, and thus details of the encoding engine 110 are not further described herein.
- the storage device 130 is for storing the data segments of the video/audio stream.
- the verification code generation method in FIG. 2 can be achieved by an application (not shown) having a plurality of instructions.
- the application is referred to as a first application which can also be stored in the storage device 130 and is for instructing the electronic device 10 to perform the verification code generation method in FIG. 2 . That it to say, when the electronic device 10 is installed with the first application, the electronic device 10 can activate the verification code generation method in FIG. 2 .
- the present invention does not limit the specific implementation form of the electronic device 10 regarding the installation of the first application and the activation for performing the verification code generation method in FIG. 2 , and a person skilled in the art could carry out associated designs according to actual requirements or applications.
- the verification code generation circuit 120 first initializes a variable ⁇ as 0 in step S210, and determines whether the encoding engine 110 has generated a k th data segment (of the video/audio stream) by encoding in step S220. If so, the process continues to step S230, otherwise the process returns to step S220 until the k th data segment has been generated by encoding. In step S230, the verification code generation circuit 120 generates a first-level checksum associated with the k th data segment, and records the first-level checksum of the k th data segment in an accompanying verification file.
- variable k is a positive integer starting from 1
- the first-level checksum of the k th data segment includes a hash value associated with the k th data segment, wherein the hash value is referred to as a first hash value in this embodiment.
- the operation principle for generating the hash value of the k th data segment is generally known to a person skilled in the art, and thus associated details are not further described herein.
- the present invention does not limit the specific implementation form of the accompanying verification file, and a person skilled in the art could carry out associated designs according to actual requirements and applications.
- the accompanying verification file can be similarly stored in the storage device 130.
- the second storage device can be in charge for storing the accompanying verification file, or alternatively speaking, for storing a verification code of this embodiment.
- the verification code generation circuit 120 determines whether the variable k is equal to (W+ ⁇ *N).
- W represents W consecutive data segments (or the number of the first-level checksums) needed for generating one second-level checksum
- N represents a data segment interval at which one second-level checksum is generated, where W is a positive integer greater than or equal to 2, and N is a positive integer greater than 0 and smaller than or equal to W, that is, 0 ⁇ N ⁇ W.
- step S260 the verification code generation circuit 120 generates a second-level checksum of multiple first-level checksums associated with the ( ⁇ *N+1) th data segment to the k th data segment, and records the second-level checksum in the accompanying verification file.
- step S270 the verification code generation circuit 120 uses a device key PK (not shown in FIG. 1 ) to sign the second-level checksum to generate a digital signature associated with the second-level checksum, and records the digital signature in the accompanying verification file.
- step S280 the verification code generation circuit 120 adds 1 to ⁇ , and the process continues to step S250 after 1 is added to ⁇ .
- W is 5 and N is 2 for example; however, the present invention is not limited to the above. Refer to FIG. 3A showing a schematic diagram of checksums and digital signatures generated in the verification code generation method in FIG. 2 according to an embodiment of the present invention.
- the verification code generation circuit 120 After it is determined that the encoding engine 110 has generated the 1 st data segment by encoding, the verification code generation circuit 120 generates a first-level checksum CS1(1) associated with the 1 st data segment, and records the first-level checksum CS1(1) in the accompanying verification file (not shown in FIG. 3A ). However, at this point in time, the variable k is not equal to (W+ ⁇ *N), that is, 1 ⁇ (5+0*2). Thus, the verification code generation circuit 120 adds 1 to k, that is, performing step S250 in FIG.
- the verification code generation circuit 120 generates a second-level checksum CS2(1) associated with the ( ⁇ *N+1) th data segment to the k th data segment, i.e., a second-level checksum CS2(1) of the first-level checksums CS1(1) to CS1(5) of the 1 st to the 5 th data segments, and records the second-level checksum CS2(1) in the accompanying verification file.
- the verification code generation circuit 120 uses the device key PK to sign the second-level checksum CS2(1) to generate a digital signature DS(1) associated with the second-level checksum CS2(1), and records the digital signature DS(1) in the accompanying verification file.
- the second-level checksum CS2(1) can include a new hash value of the first hash values of the covered first-level checksums CS1(1) to CS1(5), wherein the new hash value is simply referred to as a second hash value. That is to say, in this embodiment, the verification code generation circuit 120 performs hash processing by using the first hash values of the first-level checksums CS1(1) to CS1(5) to generate the second hash value in the second-level checksum CS2(1).
- the first hash value in each first-level checksum is represented by a diagonal line shaded block
- the second hash value of each second-level checksum is represented by a grid shaded block.
- the device key PK can also be similarly stored in the storage device 130; alternatively, in other embodiments, if the electronic device 10 further includes a third storage device, the third storage device can be in charge of storing the device key PK, and the present invention does not limit the specific implementation form of the device key PK.
- the operation principle of using the device key PK to sign and generate a digital signature is generally known to a person skilled in the art, and thus associated details are not further described herein.
- the first-level checksum CS1(k) of the k th data segment can further include a timestamp associated with the k th data segment
- the second-level checksum CS2( ⁇ +1) can further include the timestamps of the covered first-level checksums CS1( ⁇ *N+1) to CS1(k).
- the first-level checksum CS1 (1) of the 1 st data segment further includes the timestamp associated with the 1 st data segment
- the first-level checksum CS1 (5) of the 5 th data segment further includes the timestamp associated with the 5 th data segment
- the second-level checksum CS2(1) further includes the timestamps of the covered first-level checksums CS1 (1) to CS1 (5).
- the present invention is not limited to the above. The operation principle of the data verification method is to be described in detail by means of other embodiments below, and thus the associated details are not further described herein.
- the timestamp of each data segment is represented by a dot shaded block in the embodiments of the disclosure, and since the timestamps of the data segments are necessarily different, the dot shaded blocks in fact represent different timestamps.
- the present invention also does not limit the specific implementation form of the timestamps.
- the verification code generation circuit 120 then sequentially adds 1 to ⁇ and adds 1 to k, i.e., performing step S280 and step S250 in FIG. 2 to render ⁇ and k to become 1 and 6, respectively. After ⁇ and k have respectively become 1 and 6, the verification code generation circuit 120 again determines whether the encoding engine 110 has generated the 6 th data segment by encoding. If so, the verification code generation circuit 120 generates a first-level checksum CS1(6) associated with the 6 th data segment, and records the first-level checksum CS1(6) in the accompanying verification file.
- the verification code generation circuit 120 generates a first-level checksum CS1(7) associated with the 7 th data segment, and records the first-level checksum CS1(7) in the accompanying verification file.
- the verification code generation circuit 120 generates a second-level checksum CS2(2) associated with the ( ⁇ *N+1) th data segment to the k th data segment, i.e., a second-level checksum CS2(2) of the first-level checksums CS1(3) to CS1(7) of the 3 rd to 7 th data segments, and records the second-level checksum CS2(2) in the accompanying verification file.
- the verification code generation circuit 120 again uses the device key PK to sign the second-level checksum CS2(2) to generate a digital signature DS(2) associated with the second-level checksum CS2(2), and records the digital signature DS(2) in the accompanying verification file.
- the subsequent details are as those described previously, and shall be omitted herein.
- the verification code generation method of this embodiment each time the encoding engine 110 finishes generates one of the data segments by encoding, the verification code generation method of this embodiment generates a first-level checksum associated with the data segment, and records the first-level checksum of the data segment in the accompanying verification file.
- the verification code generation method of this embodiment At an interval of every N data segments of the data segments, the verification code generation method of this embodiment generates a second-level checksum for W consecutive first-level checksums, and records the second-level checksum in the accompanying verification file.
- the verification code generation method of this embodiment can further use the device key PK to sign the second-level checksum to generate a digital signature associated with the second-level checksum, and record the digital signature in the accompanying verification file.
- the verification code generation method of this embodiment is capable of dynamically generating a verification code for a part of data in a situation where the electronic device 10 is currently generating a video/audio stream. More particularly, when it is determined that once the encoding engine 110 has generated a part of data of sufficient units by encoding, the verification code generation method of this embodiment can real-time generate a first-level checksum for that part of data, and record the first-level checksum in the accompanying verification file, without affecting an original structure of the video/audio stream.
- the verification code generation method of this embodiment can again generate, at an interval of every N data segments, a second-level checksum for W consecutive first-level checksums and similarly record the second-level checksum in the accompanying verification file. Therefore, the verification code generation method of this embodiment allows a subsequent verification method to quickly verify the integrity of a part of data in the video/audio stream according to the accompanying verification file. More particularly in a situation where a part of data is damaged or lost, the data verification method provided according to an embodiment of the present invention is still capable of verifying the undamaged part of data correctly.
- the verification code generation method of this embodiment signs every second-level checksum so as to individually generate corresponding digital signatures to reliably achieve a non-repudiation mechanism of a part of data. Furthermore, after it is determined that a video/audio stream is completely generated by encoding, or alternatively speaking, when each data segment in the video/audio stream is completely written to the storage device 130, the verification code generation circuit 120 can read all of the first-level checksums from the accompanying verification file, and set new constants W and N to again form and generate a new second-level checksum and a new digital signature, both of which can be similarly recorded in the accompanying verification file.
- the verification code generation method of this embodiment can allow a subsequent verification method to quickly verify the integrity of more small-part data.
- the verification code generation circuit 120 can delete the old second-level checksum and digital signature to save a capacity needed for recording in the accompanying verification file.
- the present invention does not limit the specific implementation form of the verification code generation circuit 120 regarding again forming the new second-level checksum and digital signature.
- FIG. 3B showing a schematic diagram of checksums and digital signatures generated in the verification code generation method in FIG. 2 according to another embodiment.
- W and N are 3 for example; however, the present invention is not limited to the above.
- the verification code generation circuit 120 when it is determined that the encoding engine 110 has generated the 1 st data segment by encoding, the verification code generation circuit 120 generates a first-level checksum CS1(1) associated with the 1 st data segment, and records the first-level checksum CS1(1) in the accompanying verification file (not shown in FIG. 3B ).
- the verification code generation circuit 120 adds 1 to k, i.e., performing step S250 in FIG. 2 to render k to become 2.
- the verification code generation circuit 120 again determines whether the encoding engine 110 has generated the 2 nd data segment by encoding. If so, the verification code generation circuit 120 generates a first-level checksum CS1(2) associated with the 2 nd data segment, and records the first-level checksum CS1(2) in the accompanying verification file. The above steps are repeatedly until the verification code generation circuit 120 generates a first-level checksum CS1(3) associated with the 3 rd data segment, and records the first-level checksum CS1(3) in the accompanying verification file.
- the verification code generation circuit 120 generates a second-level checksum CS2(1) associated with the ( ⁇ *N+1) th data segment to the k th data segment, i.e., a second-level checksum CS2(1) of the first-level checksums CS1(1) to CS1(3) of the 1 st to 3 rd data segment, and records the second-level checksum CS2(1) in the accompanying verification file.
- the verification code generation circuit 120 uses the device key PK to sign the second-level checksum CS2(1) to generate a digital signature DS(1) associated with the second-level checksum CS2(1), and records the digital signature DS(1) in the accompanying verification file.
- the verification code generation circuit 120 then sequentially adds 1 to ⁇ and adds 1 to k, i.e., performing step S280 and step S250 in FIG. 2 to render ⁇ and k to respectively become 1 and 4. After ⁇ and k have respectively become 1 and 4, the verification code generation circuit 120 again determines whether the encoding engine 110 has generated the 4 th data segment by encoding. If so, the verification code generation circuit 120 generates a first-level checksum CS1(4) associated with the 4 th data segment, and records the first-level checksum CS1(4) in the accompanying verification file.
- the verification code generation circuit 120 generates a first-level checksum CS1(6) associated with the 6 th data segment and records the first-level checksum CS1(6) in the accompanying verification file.
- the verification code generation circuit 120 generates a second-level checksum CS2(2) associated with the ( ⁇ *N+1) th data segment to the k th data segment, i.e., a second-level checksum CS2(2) of the first-level checksums CS1(4) to CS1(6) of the 4 th to 6 th data segments, and records the second-level checksum CS2(2) in the accompanying verification file.
- the verification code generation circuit 120 again uses the device key PK to sign the second-level checksum CS2(2) to generate a digital signature DS(2) associated with the second-level checksum CS2(2), and records the digital signature DS(2) in the accompanying verification file. Subsequent details are as those given in the above description, and are thus omitted herein. In brief, because the part of data corresponding to each second-level checksum necessarily includes W consecutive parts of data, the verification code generation method of this embodiment allows a subsequent verification method to determine whether orders of the parts of data have been changed, or to determine whether any part of data is lost.
- step S240 considering that if the determination result of step S240 is "negative" when the encoding engine 110 has generated the last data segment of the video/audio stream by encoding, the verification code generation method of the present invention is still required to again generate a second-level checksum for the last several consecutive first-level checksums.
- FIG. 4 showing a flowchart of a verification code generation method provided according to another embodiment of the present invention. It should be noted that, the verification code generation method in FIG. 4 can be similarly performed in the electronic device 10 in FIG. 1 ; however, the present invention does not limit that the verification code generation method in FIG. 4 can be performed only in the electronic device 10 in FIG. 1 . Furthermore, some steps in FIG. 4 identical to those in FIG.
- the verification code generation method in FIG. 4 can further include step S440 and steps S460 to S480.
- step S440 the verification code generation circuit 120 again determines whether the k th data segment is the last data segment (of the video/audio stream). If not, the process continues to step S250 to add 1 to the variable k, and returns to step S220 after 1 is added to k; if so, the process continues to steps S460 to S480.
- step S460 the verification code generation circuit 120 generates a second-level checksum of multiple first-level checksums associated with the ( ⁇ *N+1) th data segment to the k th data segment, and records the second-level checksum in the accompanying verification file.
- step S470 the verification code generation circuit 120 uses the device key PK (not shown in FIG.
- step S480 the electronic device 10 ends the verification code generation method of this embodiment. Only when the verification code generation method of this embodiment is again activated, the electronic device 10 again performs the verification code generation method, starting from step S210 in FIG. 4 . It should be noted that, the present invention does not limit the specific implementation form of the verification code generation circuit 120 regarding the determination for whether the k th data segment is the last data segment, and a person skilled in the art could carry out associated designs according to actual requirements or applications.
- the verification code generation method in FIG. 4 can further include step S450.
- step S450 the verification code generation circuit 120 also determines whether the k th data segment is the last data segment (of the video/audio stream). If not, the process continues to step S280 and step S250 to add 1 to ⁇ and k, respectively, and returns to step S220 after 1 is added to ⁇ and k, respectively. If so, the process continues to step S480, i.e., ending the verification code generation method of this embodiment.
- W is 5 and N is 2 for example in this embodiment. Refer to FIG.
- FIG. 5A showing a schematic diagram of checksums and digital signatures generated in the verification code generation method in FIG. 4 according to an embodiment. Furthermore, in the embodiment in FIG. 5A , because details before k is 13 are as described above, and thus are omitted herein.
- the verification code generation circuit 120 when it is determined that the encoding engine 110 has generated the 14 th data segment by encoding, the verification code generation circuit 120 generates a first-level checksum CS1(14) associated with the 14 th data segment, and records the first-level checksum CS1(14) in the accompanying verification file (not shown in FIG. 5A ).
- the verification code generation circuit 120 adds 1 to k, i.e., performing step S250 in FIG. 4 to render k to become 15.
- the verification code generation circuit 120 again determines whether the encoding engine 110 has generated the 15 th data segment by encoding. If so, the verification code generation circuit 120 generates a first-level checksum CS1(15) associated with the 15 th data segment, and records the first-level checksum CS1(15) in the accompanying verification file.
- the verification code generation circuit 120 performs step S260 to generate a second-level checksum CS2(6) associated with the ( ⁇ *N+1) th data segment to the k th data segment, i.e., a second-level checksum CS2(6) of the first-level checksums CS1(11) to CS1(15) of the 11 th to 15 th data segments, and records the second-level checksum CS2(6) in the accompanying verification file.
- the verification code generation circuit 120 uses the device key PK to sign the second-level checksum CS2(6) to generate a digital signature DS(6) associated with the second-level checksum CS2(6), and records the digital signature DS(6) in the accompanying verification file.
- the verification code generation circuit 120 again sequentially adds 1 to ⁇ and adds 1 to k, i.e., performing step S280 and step S250 in FIG. 4 to render ⁇ and k to become 6 and 16, respectively.
- the verification code generation circuit 120 again determines whether the encoding engine 110 has generated the 16 th data segment by encoding.
- the verification code generation circuit 120 If so, the verification code generation circuit 120 generates a first-level checksum CS1(16) associated with the 16 th data segment, and records the first-level checksum CS1(16) in the accompanying verification file. The above steps are repeated until the verification code generation circuit 120 generates a first-level checksum CS1(17) associated with the 17 th data segment and records the first-level checksum CS1(17) in the accompanying verification file.
- the verification code generation circuit 120 performs step S260 to generate a second-level checksum CS2(7) associated with the ( ⁇ *N+1) th data segment to the k th data segment, i.e., a second-level checksum CS2(7) of the first-level checksums CS1(13) to CS1(17) of the 13 th to 17 th data segments, and records the second-level checksum CS2(7) in the accompanying verification file.
- the verification code generation circuit 120 uses the device key PK to sign the second-level checksum CS2(7) to generate a digital signature DS(7) associated with the second-level checksum CS2(7), and records the digital signature DS(7) in the accompanying verification file. It should be noted that, because the 17 th data segment at this point in time is the last data segment in the video/audio stream (step S450), the verification code generation circuit 120 continues to step S480 to end the verification code generation method of this embodiment. Furthermore, refer to FIG. 5B showing a schematic diagram of checksums and digital signatures generated in the verification code generation method in FIG. 4 according to another embodiment.
- step S440 the verification code generation circuit 120 performs step S460 to generate a second-level checksum CS2(7) associated with the ( ⁇ *N+1) th data segment to the k th data segment, i.e., a second-level checksum CS2(7) of the first-level checksums CS1(13) to CS1(16) of the 13 th to 16 th data segments, and records the second-level checksum CS2(7) in the accompanying verification file.
- step S470 the digital signature DS(7) of the second-level checksum CS2(7) is recorded in the accompanying verification file
- a one-minute video/audio stream can then include 120 data segments, or alternatively speaking, 120 GOPs (i.e., 120 GOP/min).
- the verification code generation circuit 120 can generate 120 first-level checksums, and assuming that W is 8 and N is 6, the verification code generation circuit 120 can further generate 20 second-level checksums and 20 digital signatures.
- the present invention further provides an embodiment for a subsequent verification method.
- FIG. 6 showing a flowchart of a data verification method provided according to an embodiment of the present invention.
- the data verification method in FIG. 6 can similarly be performed in the electronic device 10 in FIG. 1 ; however, the present invention does not limit that the data verification method in FIG. 6 can be performed only in the electronic device 10 in FIG. 1 .
- the verification code generation method of the foregoing embodiment and the data verification method of this embodiment can be performed by the same electronic device, e.g., the electronic device 10 in FIG. 1 , or be respectively performed by different electronic devices.
- the electronic device performing the data verification method of this embodiment needs to store the accompanying verification file of the foregoing embodiment.
- the data verification method in FIG. 6 can be achieved by an application (not shown) having a plurality of instructions, and the application is referred to as a second application in this embodiment. Moreover, for illustration purposes, this embodiment is also performed by the electronic device 10 in FIG. 1 .
- the electronic device 10 in FIG. 1 can further include a verification circuit 140 coupled to the storage device 130, and the second application can similarly be stored in the storage device 130 and is used for instructing the electronic device 10 to perform the data verification method in FIG. 6 . That is to say, when the electronic device 10 is installed with the second application, the electronic device 10 can activate the data verification method in FIG. 6 .
- the present invention does not limit the specific implementation form of the verification circuit 140, nor does it limit the specific implementation forms of the electronic device 10 regarding the installation of the second application and the activation of the data verification method in FIG. 6 .
- a person skilled in the art can carry out associated designs according to actual requirements and applications.
- the verification circuit 140 identifies, from multiple first-level checksums in the accompanying verification file, a first-level checksum corresponding to the video/audio under verification.
- a first-level checksum corresponding to the video/audio under verification can include the first hash value of one data segment in FIG. 3A as well as the timestamp associated with the data segment.
- the verification circuit 140 can determine by comparison whether the starting time of the video/audio under verification matches the timestamp of any one of the data segments in FIG. 3A to identify the first-level checksum corresponding to the video/audio under verification; however, the present invention is not limited to the above.
- the verification circuit 140 can verify whether the video/audio under verification is correct according to the first hash value of the first-level checksum corresponding to the video/audio under verification. For example, assuming that the first-level checksum corresponding to the video/audio under verification refers to the first-level checksum CS1 (3) in FIG. 3A , the verification circuit 140 can use the same hash function to calculate the hash value of the video/audio under verification, and determine by comparison whether the hash value of the video/audio under verification is the same as the first hash value in the first-level checksum CS1 (3). If the two are the same, it means that the video/audio under verification is correct; if the two are different, it means that the video/audio under verification has been tampered.
- the operation principle of using a hash value for data verification is generally known to a person skilled in the art, and thus the associated details are not further described herein.
- the second-level checksum CS2(1) covering the first-level checksum CS1 (3) corresponding to the video/audio under verification includes a second hash value of multiple first hash values of the covered first-level checksums CS1(1) to CS1 (5), and multiple timestamps of the covered first-level checksums CS1(1) to CS1 (5).
- the verification circuit 140 can also verify according to the first hash values of the first-level checksums CS1 (1) to CS1 (5) and the second hash value of the second-level checksum CS2(1), whether the above parts of data have been tampered.
- the verification circuit 140 can further identify from the accompanying verification file the second-level checksum CS2(1) covering the first-level checksum CS1 (3) corresponding to the video/audio under verification, and use the same device key PK to verify whether the second-level checksum CS2(1) and the digital signature DS(1) associated with the second-level checksum CS2(1) are correct.
- the verification code generation method of the foregoing embodiment a person skilled in the art could carry out associated designs of the subsequent verification method according to actual requirements or applications.
- the verification code generation method of the embodiment of the present invention is capable of dynamically generating a verification code for a part of data in a situation where the electronic device is currently generating a video/audio stream. More particularly, when it is determined that once the encoding engine has generated a part of data of sufficient units by encoding, the verification code generation method of the embodiment of the present invention can real-time generate a first-level checksum associated with that part of data, and record the first-level checksum in the accompanying verification file.
- the verification code generation method of the embodiment of the present invention can again generate, at an interval of every N data segments, a second-level checksum for W consecutive first-level checksums and similarly record the second-level checksum in the accompanying verification file. Therefore, the verification code generation method of the embodiment of the present invention allows a subsequent verification method, e.g., the data verification method provided by the embodiment of the present invention, to quickly verify the integrity of a part of data according to the accompanying verification file. More particularly in a situation where a part of data is damaged or lost, the data verification method provided according to the embodiment of the present invention is still capable of verifying the undamaged part of data correctly.
Description
- The present invention relates to the field of video/audio security and, more particularly, to a verification code generation method, a data verification method and an electronic device.
-
US 2017/0075938 A1 discloses systems and methods for storing and verifying data; wherein reference levels are generated according to time intervals, where the first reference level comprises a predetermined number of file time intervals, and where each of the time intervals of the remaining reference levels is comprised of a predetermined number of the time intervals of a previous reference level.
Further, hashes of data are created at the first reference level by performing a hashing function on the data in a time-sequenced manner. First reference level time interval hashes are generated by performing the hashing function on the hashes of the data at each of the time intervals of the first reference level. Hashes for remaining reference level time intervals are generated by performing file hashing func-tion on the hashes of each of the time intervals of the previous reference level.
Further systems and methods for storing and verifying data are disclosed byUS 2007/0239961 A1 .
With the popularity of video/audio recording devices in the recent years, video/audio security has become essential. In the field of video/audio security, verification codes are a critical technology. In general, a verification code is generated by a complex hash function, and a calculation result of such hash function is thus referred to as a hash value, or referred to as a message digest. Theoretically speaking, hash values generated from different data are different, and hence hash values can be used as verification data for determining whether data has been tampered during a transmission process. In a current approach, an entire footage not at all edited is used to generate a hash value, or hash processing is individually performed on multiple frames divided from a completely stored video file. However, in a situation where a video/audio recording device is currently generating a video/audio stream, the above prior art may fail to dynamically generate the verification codes of a part of the data, in a way that a subsequent verification method may fail to verify the integrity of the part of the data. - In view of the above, it is an object of the present invention to provide a verification code generation method, a data verification method and an electronic device capable of dynamically generating verification codes of a part of data or capable of quickly verifying the integrity of a part of data. The present invention provides a verification code generation method according to
independent claim 1, a data verification method according toindependent claim 5, and an electronic device according toindependent claim 7. The dependent claims show further examples of a suchlike verification code generation method, data verification method, and electronic device, respectively. To achieve the object, a verification code generation method performed in an electronic device is provided according to an embodiment of the present invention, wherein the electronic device is for performing encoding to generate a video/audio stream having multiple data segments. The verification code generation method includes the following steps. Each time one of the data segments is generated from the encoding, a first-level checksum associated with the data segment is generated, and the first-level checksum is recorded in an accompanying verification file. At an interval of every N data segments of the data segments, a second-level checksum is generated for W consecutive first-level checksums, and the second-level checksum is recorded in the accompanying verification file. Wherein, W is a positive integer greater than or equal to 2, N is a positive integer greater than 0 and smaller than or equal to W. - A data verification method performed in an electronic device is further provided according to an embodiment of the present invention, wherein the electronic device has the accompanying verification file of the foregoing embodiment stored therein. The data verification method includes the following steps. First, according to a starting time of a video/audio under verification, a first-level checksum corresponding to the video/audio under verification is identified from multiple first-level checksums in the accompanying verification file, wherein the first-level checksum includes a first hash value associated with a data segment of the data segments and associated with a timestamp associated with the data segment. Then, according to the first hash value of the first-level checksum corresponding to the video/audio under verification, it is verified whether the video/audio under verification is correct, wherein a second-level checksum covering the first-level checksum corresponding to the video/audio under verification includes a second hash value of multiple first hash values of covered multiple first-level checksums, and multiple timestamps of the covered first-level checksums.
- An electronic device is further provided according to an embodiment of the present invention. The electronic device includes an encoding engine, a verification code generation circuit and at least one storage device. The encoding engine is for performing encoding to generate a video/audio stream including multiple data segments. The storage device stores a first application which is for instructing the electronic device to perform the verification code generation method of the foregoing embodiment. Preferably, the electronic device may further include a verification circuit, and the storage device stores a second application which is for instructing the electronic device to perform the data verification method of the foregoing embodiment.
- To further understand the features and technical contents of the present invention, please refer to the detailed description and accompanying drawings associated with the present invention. However, the description and the accompanying drawings are for illustrating the present invention and are not to be construed as limitations to the claim scope of the present invention.
-
-
FIG. 1 is a function block diagram of an electronic device provided according to an embodiment of the present invention; -
FIG. 2 is a flowchart of a verification code generation method according to an embodiment of the present invention; -
FIG. 3A is a schematic diagram of checksums and digital signatures generated in the verification code generation method inFIG. 2 according to an embodiment; -
FIG. 3B is a schematic diagram of checksums and digital signatures generated in the verification code generation method inFIG. 2 according to another embodiment; -
FIG. 4 is a flowchart of a verification code generation method according to another embodiment of the present invention; -
FIG. 5A is a schematic diagram of checksums and digital signatures generated in the verification code generation method inFIG. 4 according to an embodiment; -
FIG. 5B is a schematic diagram of checksums and digital signatures generated in the verification code generation method inFIG. 4 according to another embodiment; and -
FIG. 6 is a flowchart of a data verification method provided according to an embodiment of the present invention. - In the disclosure below, various embodiments of the present invention are given in detail with the accompanying drawings to describe the present invention. However, the concepts of the present invention can be embodied by means of numerous different forms and are not to be construed as being limited to the exemplary embodiments given in the disclosure. Furthermore, the same reference numerals in the drawings can represent similar elements.
- Refer to both
FIG. 1 andFIG. 2 .FIG. 1 shows a function block diagram of an electronic device provided according to an embodiment of the present invention.FIG. 2 shows a flowchart of a verification code generation method provided according to an embodiment of the present invention. It should be noted that, the verification code generation method inFIG. 2 can be performed in theelectronic device 10 inFIG. 1 ; however, the present invention does not limit that the verification code generation method inFIG. 2 can be performed only in theelectronic device 10 inFIG. 1 . InFIG. 1 , theelectronic device 10 includes anencoding engine 110, a verificationcode generation circuit 120 and at least one storage device. For illustration purposes, in this embodiment, the storage device in a quantity of one, i.e., thestorage device 130, is given as an example, and such exemplary quantity is not to be construed as a limitation to the present invention. Furthermore, theencoding engine 110, the verificationcode generation circuit 120 and thestorage device 130 can be implemented by purely hardware circuits, or be implemented by hardware circuits matched with firmware or software. In brief, the present invention does not limit the specific implementation form of theelectronic device 10, and a person skilled in the art could carry out associated designs according to actual requirements or applications. Furthermore, the - verification
code generation circuit 120 is coupled between theencoding engine 110 and thestorage device 130, and theencoding engine 110, the verificationcode generation circuit 120 and thestorage device 130 can be integrated together or be separately configured; however, the present invention is not limited to the above. - The
encoding engine 110 is for performing encoding to generate a video/audio stream having multiple data segments. In this embodiment, the video/audio stream is generated by encoding according to, for example, the MPEG-4 standard. Thus, each data segment of the video/audio stream can include at least one group of pictures (GOP) or at least one set of media data (mdat). In practice, the present invention does not limit that the data segments need to individually include the same quantity of GOPs or media data, and the quantity of GOP or media data included in each data segment can be dynamically determined according to the operation capability of theelectronic device 10. For example, in this embodiment, theelectronic device 10 can be, for example, a body cam, and thus each data segment can include 5 to 8 GOPs; however, the present invention is not limited to the above. The operation principle of generating a video/audio stream by encoding according to the MPEG-4 standard is generally known to a person skilled in the art, and thus details of theencoding engine 110 are not further described herein. - The
storage device 130 is for storing the data segments of the video/audio stream. The verification code generation method inFIG. 2 can be achieved by an application (not shown) having a plurality of instructions. In this embodiment, the application is referred to as a first application which can also be stored in thestorage device 130 and is for instructing theelectronic device 10 to perform the verification code generation method inFIG. 2 . That it to say, when theelectronic device 10 is installed with the first application, theelectronic device 10 can activate the verification code generation method inFIG. 2 . It should be noted that, the present invention does not limit the specific implementation form of theelectronic device 10 regarding the installation of the first application and the activation for performing the verification code generation method inFIG. 2 , and a person skilled in the art could carry out associated designs according to actual requirements or applications. - More specifically, after the
electronic device 10 activates the verification code generation method inFIG. 2 , as shown inFIG. 2 , the verificationcode generation circuit 120 first initializes a variable α as 0 in step S210, and determines whether theencoding engine 110 has generated a kth data segment (of the video/audio stream) by encoding in step S220. If so, the process continues to step S230, otherwise the process returns to step S220 until the kth data segment has been generated by encoding. In step S230, the verificationcode generation circuit 120 generates a first-level checksum associated with the kth data segment, and records the first-level checksum of the kth data segment in an accompanying verification file. It should be understood that, the above variable k is a positive integer starting from 1, and the first-level checksum of the kth data segment includes a hash value associated with the kth data segment, wherein the hash value is referred to as a first hash value in this embodiment. The operation principle for generating the hash value of the kth data segment is generally known to a person skilled in the art, and thus associated details are not further described herein. - The present invention does not limit the specific implementation form of the accompanying verification file, and a person skilled in the art could carry out associated designs according to actual requirements and applications. In this embodiment, the accompanying verification file can be similarly stored in the
storage device 130. Alternatively, in other embodiments, if theelectronic device 10 further includes a second storage device, the second storage device can be in charge for storing the accompanying verification file, or alternatively speaking, for storing a verification code of this embodiment. In step S240, the verificationcode generation circuit 120 determines whether the variable k is equal to (W+α*N). In this embodiment, W represents W consecutive data segments (or the number of the first-level checksums) needed for generating one second-level checksum, N represents a data segment interval at which one second-level checksum is generated, where W is a positive integer greater than or equal to 2, and N is a positive integer greater than 0 and smaller than or equal to W, that is, 0 < N ≦W. If not, the process continues to step S250; and if so, the process continues to step S260. In step S250, the verificationcode generation circuit 120 adds 1 to k, and the process returns to step S220 after 1 is added to k. - In step S260, the verification
code generation circuit 120 generates a second-level checksum of multiple first-level checksums associated with the (α*N+1)th data segment to the kth data segment, and records the second-level checksum in the accompanying verification file. In step S270, the verificationcode generation circuit 120 uses a device key PK (not shown inFIG. 1 ) to sign the second-level checksum to generate a digital signature associated with the second-level checksum, and records the digital signature in the accompanying verification file. In step S280, the verificationcode generation circuit 120 adds 1 to α, and the process continues to step S250 after 1 is added to α. For illustration purposes below, it is assumed that W is 5 and N is 2 for example; however, the present invention is not limited to the above. Refer toFIG. 3A showing a schematic diagram of checksums and digital signatures generated in the verification code generation method inFIG. 2 according to an embodiment of the present invention. - As shown in
FIG. 3A , after it is determined that theencoding engine 110 has generated the 1st data segment by encoding, the verificationcode generation circuit 120 generates a first-level checksum CS1(1) associated with the 1st data segment, and records the first-level checksum CS1(1) in the accompanying verification file (not shown inFIG. 3A ). However, at this point in time, the variable k is not equal to (W+α*N), that is, 1 ≠ (5+0*2). Thus, the verificationcode generation circuit 120 adds 1 to k, that is, performing step S250 inFIG. 2 to render k to become 2; after k has become 2, the verificationcode generation circuit 120 determines whether theencoding engine 110 has generated the 2nd data segment by encoding. If so, the verificationcode generation circuit 120 generates a first-level checksum CS1(2) associated with the 2nd data segment, and records the first-level checksum CS1(2) in the accompanying verification file. The above steps are repeated until the verificationcode generation circuit 120 generates a first-level checksum CS1(5) associated with the 5th data segment, and records the first-level checksum CS1(5) in the accompanying verification file. At this point in time, the variable k is equal to (W+α*N), that is, 5=(5+0*2). Thus, the verificationcode generation circuit 120 generates a second-level checksum CS2(1) associated with the (α*N+1)th data segment to the kth data segment, i.e., a second-level checksum CS2(1) of the first-level checksums CS1(1) to CS1(5) of the 1st to the 5th data segments, and records the second-level checksum CS2(1) in the accompanying verification file. Next, the verificationcode generation circuit 120 uses the device key PK to sign the second-level checksum CS2(1) to generate a digital signature DS(1) associated with the second-level checksum CS2(1), and records the digital signature DS(1) in the accompanying verification file. - It should be noted that, the second-level checksum CS2(1) can include a new hash value of the first hash values of the covered first-level checksums CS1(1) to CS1(5), wherein the new hash value is simply referred to as a second hash value. That is to say, in this embodiment, the verification
code generation circuit 120 performs hash processing by using the first hash values of the first-level checksums CS1(1) to CS1(5) to generate the second hash value in the second-level checksum CS2(1). For illustration purposes below, the first hash value in each first-level checksum is represented by a diagonal line shaded block, and the second hash value of each second-level checksum is represented by a grid shaded block. As previously described, because hash values generated by hash processing for different data are different, a person skilled in the art could understand that, the diagonal line shaded blocks and the grid shaded blocks in the following embodiments in fact represent different hash values. Furthermore, in this embodiment, the device key PK can also be similarly stored in thestorage device 130; alternatively, in other embodiments, if theelectronic device 10 further includes a third storage device, the third storage device can be in charge of storing the device key PK, and the present invention does not limit the specific implementation form of the device key PK. The operation principle of using the device key PK to sign and generate a digital signature is generally known to a person skilled in the art, and thus associated details are not further described herein. - To further implement the data verification method provided according to the embodiment of the present invention, the first-level checksum CS1(k) of the kth data segment can further include a timestamp associated with the kth data segment, and the second-level checksum CS2(α+1) can further include the timestamps of the covered first-level checksums CS1(α*N+1) to CS1(k). For example, the first-level checksum CS1 (1) of the 1st data segment further includes the timestamp associated with the 1st data segment, and similarly, the first-level checksum CS1 (5) of the 5th data segment further includes the timestamp associated with the 5th data segment; moreover, the second-level checksum CS2(1) further includes the timestamps of the covered first-level checksums CS1 (1) to CS1 (5). However, the present invention is not limited to the above. The operation principle of the data verification method is to be described in detail by means of other embodiments below, and thus the associated details are not further described herein. It should be noted that, for illustration purposes below, the timestamp of each data segment is represented by a dot shaded block in the embodiments of the disclosure, and since the timestamps of the data segments are necessarily different, the dot shaded blocks in fact represent different timestamps. However, the present invention also does not limit the specific implementation form of the timestamps.
- The verification
code generation circuit 120 then sequentially adds 1 to α and adds 1 to k, i.e., performing step S280 and step S250 inFIG. 2 to render α and k to become 1 and 6, respectively. After α and k have respectively become 1 and 6, the verificationcode generation circuit 120 again determines whether theencoding engine 110 has generated the 6th data segment by encoding. If so, the verificationcode generation circuit 120 generates a first-level checksum CS1(6) associated with the 6th data segment, and records the first-level checksum CS1(6) in the accompanying verification file. The above steps are repeated similarly until the verificationcode generation circuit 120 generates a first-level checksum CS1(7) associated with the 7th data segment, and records the first-level checksum CS1(7) in the accompanying verification file. At this point in time, as the variable k is equal to (W+α*N), i.e., 7=(5+1*2), the verificationcode generation circuit 120 generates a second-level checksum CS2(2) associated with the (α*N+1)th data segment to the kth data segment, i.e., a second-level checksum CS2(2) of the first-level checksums CS1(3) to CS1(7) of the 3rd to 7th data segments, and records the second-level checksum CS2(2) in the accompanying verification file. - Similarly, the verification
code generation circuit 120 again uses the device key PK to sign the second-level checksum CS2(2) to generate a digital signature DS(2) associated with the second-level checksum CS2(2), and records the digital signature DS(2) in the accompanying verification file. The subsequent details are as those described previously, and shall be omitted herein. In other words, in the steps inFIG. 2 , each time theencoding engine 110 finishes generates one of the data segments by encoding, the verification code generation method of this embodiment generates a first-level checksum associated with the data segment, and records the first-level checksum of the data segment in the accompanying verification file. At an interval of every N data segments of the data segments, the verification code generation method of this embodiment generates a second-level checksum for W consecutive first-level checksums, and records the second-level checksum in the accompanying verification file. In addition, the verification code generation method of this embodiment can further use the device key PK to sign the second-level checksum to generate a digital signature associated with the second-level checksum, and record the digital signature in the accompanying verification file. - On the basis of the teaching provided by the disclosure above, it would be easy for a person skilled in the art to understand that, different from the prior that divides an original video file completely stored in the
storage device 130 into multiple frames and then individually performs hash processing on the frames, the verification code generation method of this embodiment is capable of dynamically generating a verification code for a part of data in a situation where theelectronic device 10 is currently generating a video/audio stream. More particularly, when it is determined that once theencoding engine 110 has generated a part of data of sufficient units by encoding, the verification code generation method of this embodiment can real-time generate a first-level checksum for that part of data, and record the first-level checksum in the accompanying verification file, without affecting an original structure of the video/audio stream. In addition, without processing a video/audio stream that is already completely stored, the verification code generation method of this embodiment can again generate, at an interval of every N data segments, a second-level checksum for W consecutive first-level checksums and similarly record the second-level checksum in the accompanying verification file. Therefore, the verification code generation method of this embodiment allows a subsequent verification method to quickly verify the integrity of a part of data in the video/audio stream according to the accompanying verification file. More particularly in a situation where a part of data is damaged or lost, the data verification method provided according to an embodiment of the present invention is still capable of verifying the undamaged part of data correctly. - Moreover, different from the prior art that performs signing only in the last step, or alternatively speaking, performing signing in a final accompanying document, the verification code generation method of this embodiment signs every second-level checksum so as to individually generate corresponding digital signatures to reliably achieve a non-repudiation mechanism of a part of data. Furthermore, after it is determined that a video/audio stream is completely generated by encoding, or alternatively speaking, when each data segment in the video/audio stream is completely written to the
storage device 130, the verificationcode generation circuit 120 can read all of the first-level checksums from the accompanying verification file, and set new constants W and N to again form and generate a new second-level checksum and a new digital signature, both of which can be similarly recorded in the accompanying verification file. Thus, by setting new constants W and N, for example, setting W and N inFIG. 3A to 3 and1 , the verification code generation method of this embodiment can allow a subsequent verification method to quickly verify the integrity of more small-part data. After the new second-level checksum and digital signature are recorded in the accompanying verification file, the verificationcode generation circuit 120 can delete the old second-level checksum and digital signature to save a capacity needed for recording in the accompanying verification file. In brief, the present invention does not limit the specific implementation form of the verificationcode generation circuit 120 regarding again forming the new second-level checksum and digital signature. - Furthermore, it is understandable that, when N is smaller than W, overlapping of (W-N) data segments is caused for a part of data corresponding to each second-level checksum; when N is equal to W, no overlapping is caused in the part of data corresponding to each second-level checksum. Thus, refer to
FIG. 3B showing a schematic diagram of checksums and digital signatures generated in the verification code generation method inFIG. 2 according to another embodiment. In the embodiment inFIG. 3B , it is assumed that both W and N are 3 for example; however, the present invention is not limited to the above. - As shown in
FIG. 3B , when it is determined that theencoding engine 110 has generated the 1st data segment by encoding, the verificationcode generation circuit 120 generates a first-level checksum CS1(1) associated with the 1st data segment, and records the first-level checksum CS1(1) in the accompanying verification file (not shown inFIG. 3B ). However, as the variable k at this point in time is not equal to (W+α*N), i.e., 1 ≠(3+0*3), the verificationcode generation circuit 120 adds 1 to k, i.e., performing step S250 inFIG. 2 to render k to become 2. After k has become 2, the verificationcode generation circuit 120 again determines whether theencoding engine 110 has generated the 2nd data segment by encoding. If so, the verificationcode generation circuit 120 generates a first-level checksum CS1(2) associated with the 2nd data segment, and records the first-level checksum CS1(2) in the accompanying verification file. The above steps are repeatedly until the verificationcode generation circuit 120 generates a first-level checksum CS1(3) associated with the 3rd data segment, and records the first-level checksum CS1(3) in the accompanying verification file. At this point in time, as the variable k is equal to (W+α*N), i.e., 3=(3+0*3), the verificationcode generation circuit 120 generates a second-level checksum CS2(1) associated with the (α*N+1)th data segment to the kth data segment, i.e., a second-level checksum CS2(1) of the first-level checksums CS1(1) to CS1(3) of the 1st to 3rd data segment, and records the second-level checksum CS2(1) in the accompanying verification file. Next, the verificationcode generation circuit 120 uses the device key PK to sign the second-level checksum CS2(1) to generate a digital signature DS(1) associated with the second-level checksum CS2(1), and records the digital signature DS(1) in the accompanying verification file. - The verification
code generation circuit 120 then sequentially adds 1 to α and adds 1 to k, i.e., performing step S280 and step S250 inFIG. 2 to render α and k to respectively become 1 and 4. After α and k have respectively become 1 and 4, the verificationcode generation circuit 120 again determines whether theencoding engine 110 has generated the 4th data segment by encoding. If so, the verificationcode generation circuit 120 generates a first-level checksum CS1(4) associated with the 4th data segment, and records the first-level checksum CS1(4) in the accompanying verification file. The above steps are repeated until the verificationcode generation circuit 120 generates a first-level checksum CS1(6) associated with the 6th data segment and records the first-level checksum CS1(6) in the accompanying verification file. At this point in time, as the variable k is equal to (W+α*N), i.e., 6=(3+1*3), the verificationcode generation circuit 120 generates a second-level checksum CS2(2) associated with the (α*N+1)th data segment to the kth data segment, i.e., a second-level checksum CS2(2) of the first-level checksums CS1(4) to CS1(6) of the 4th to 6th data segments, and records the second-level checksum CS2(2) in the accompanying verification file. - Similarly, the verification
code generation circuit 120 again uses the device key PK to sign the second-level checksum CS2(2) to generate a digital signature DS(2) associated with the second-level checksum CS2(2), and records the digital signature DS(2) in the accompanying verification file. Subsequent details are as those given in the above description, and are thus omitted herein. In brief, because the part of data corresponding to each second-level checksum necessarily includes W consecutive parts of data, the verification code generation method of this embodiment allows a subsequent verification method to determine whether orders of the parts of data have been changed, or to determine whether any part of data is lost. - On the other hand, considering that if the determination result of step S240 is "negative" when the
encoding engine 110 has generated the last data segment of the video/audio stream by encoding, the verification code generation method of the present invention is still required to again generate a second-level checksum for the last several consecutive first-level checksums. Refer toFIG. 4 showing a flowchart of a verification code generation method provided according to another embodiment of the present invention. It should be noted that, the verification code generation method inFIG. 4 can be similarly performed in theelectronic device 10 inFIG. 1 ; however, the present invention does not limit that the verification code generation method inFIG. 4 can be performed only in theelectronic device 10 inFIG. 1 . Furthermore, some steps inFIG. 4 identical to those inFIG. 2 are represented by the same denotation numerals, and thus associated details are not further described. Compared to step S240 inFIG. 2 , after it is determined that the variable k is not equal to (W+α*N), the verification code generation method inFIG. 4 can further include step S440 and steps S460 to S480. - In step S440, the verification
code generation circuit 120 again determines whether the kth data segment is the last data segment (of the video/audio stream). If not, the process continues to step S250 to add 1 to the variable k, and returns to step S220 after 1 is added to k; if so, the process continues to steps S460 to S480. In step S460, the verificationcode generation circuit 120 generates a second-level checksum of multiple first-level checksums associated with the (α*N+1)th data segment to the kth data segment, and records the second-level checksum in the accompanying verification file. In step S470, the verificationcode generation circuit 120 uses the device key PK (not shown inFIG. 4 ) to sign the second-level checksum to generate a digital signature associated with the second-level checksum, and records the digital signature in the accompanying verification file. It is understandable that, operation principles of steps S460 and S470 are equivalent to those of steps S260 and S270, except that the kth data segment at this point in time is the last data segment. Thus, in the following step S480, theelectronic device 10 ends the verification code generation method of this embodiment. Only when the verification code generation method of this embodiment is again activated, theelectronic device 10 again performs the verification code generation method, starting from step S210 inFIG. 4 . It should be noted that, the present invention does not limit the specific implementation form of the verificationcode generation circuit 120 regarding the determination for whether the kth data segment is the last data segment, and a person skilled in the art could carry out associated designs according to actual requirements or applications. - After it is determined that the variable k is equal to (W+α*N), in addition to continuing to steps S260 and S270, the verification code generation method in
FIG. 4 can further include step S450. In step S450, the verificationcode generation circuit 120 also determines whether the kth data segment is the last data segment (of the video/audio stream). If not, the process continues to step S280 and step S250 to add 1 to α and k, respectively, and returns to step S220 after 1 is added to α and k, respectively. If so, the process continues to step S480, i.e., ending the verification code generation method of this embodiment. For illustration purposes below, it is similarly assumed that W is 5 and N is 2 for example in this embodiment. Refer toFIG. 5A showing a schematic diagram of checksums and digital signatures generated in the verification code generation method inFIG. 4 according to an embodiment. Furthermore, in the embodiment inFIG. 5A , because details before k is 13 are as described above, and thus are omitted herein. - As shown in
FIG. 5A , when it is determined that theencoding engine 110 has generated the 14th data segment by encoding, the verificationcode generation circuit 120 generates a first-level checksum CS1(14) associated with the 14th data segment, and records the first-level checksum CS1(14) in the accompanying verification file (not shown inFIG. 5A ). However, as the variable k at this point in time is not equal to (W+α*N), i.e., 14≠(5+5*2), and the 14th data segment should not be the last data segment of the video/audio stream, the verificationcode generation circuit 120 adds 1 to k, i.e., performing step S250 inFIG. 4 to render k to become 15. After k has become 15, the verificationcode generation circuit 120 again determines whether theencoding engine 110 has generated the 15th data segment by encoding. If so, the verificationcode generation circuit 120 generates a first-level checksum CS1(15) associated with the 15th data segment, and records the first-level checksum CS1(15) in the accompanying verification file. As the variable k at this point in time is equal to (W+α*N), i.e., 15=(5+5*2), the verificationcode generation circuit 120 performs step S260 to generate a second-level checksum CS2(6) associated with the (α*N+1)th data segment to the kth data segment, i.e., a second-level checksum CS2(6) of the first-level checksums CS1(11) to CS1(15) of the 11th to 15th data segments, and records the second-level checksum CS2(6) in the accompanying verification file. - Next, the verification
code generation circuit 120 uses the device key PK to sign the second-level checksum CS2(6) to generate a digital signature DS(6) associated with the second-level checksum CS2(6), and records the digital signature DS(6) in the accompanying verification file. However, because the 15th data segment at this point in time is still not the last data segment of the video/audio stream, the verificationcode generation circuit 120 again sequentially adds 1 to α and adds 1 to k, i.e., performing step S280 and step S250 inFIG. 4 to render α and k to become 6 and 16, respectively. After α and k have respectively become 6 and 16, the verificationcode generation circuit 120 again determines whether theencoding engine 110 has generated the 16th data segment by encoding. If so, the verificationcode generation circuit 120 generates a first-level checksum CS1(16) associated with the 16th data segment, and records the first-level checksum CS1(16) in the accompanying verification file. The above steps are repeated until the verificationcode generation circuit 120 generates a first-level checksum CS1(17) associated with the 17th data segment and records the first-level checksum CS1(17) in the accompanying verification file. At this point in time, as the variable k is equal to (W+α*N), i.e., 17=(5+6*2), the verificationcode generation circuit 120 performs step S260 to generate a second-level checksum CS2(7) associated with the (α*N+1)th data segment to the kth data segment, i.e., a second-level checksum CS2(7) of the first-level checksums CS1(13) to CS1(17) of the 13th to 17th data segments, and records the second-level checksum CS2(7) in the accompanying verification file. - Similarly, the verification
code generation circuit 120 uses the device key PK to sign the second-level checksum CS2(7) to generate a digital signature DS(7) associated with the second-level checksum CS2(7), and records the digital signature DS(7) in the accompanying verification file. It should be noted that, because the 17th data segment at this point in time is the last data segment in the video/audio stream (step S450), the verificationcode generation circuit 120 continues to step S480 to end the verification code generation method of this embodiment. Furthermore, refer toFIG. 5B showing a schematic diagram of checksums and digital signatures generated in the verification code generation method inFIG. 4 according to another embodiment. - Compared to
FIG. 5A in which the 17th data segment is the last data segment, the 16th data segment is used as the last data segment inFIG. 5B . Thus, even if the variable k at this point in time is not equal to (W+α*N), i.e., 16(5+5*2), because the determination result of step S440 is "affirmative", the verificationcode generation circuit 120 performs step S460 to generate a second-level checksum CS2(7) associated with the (α*N+1)th data segment to the kth data segment, i.e., a second-level checksum CS2(7) of the first-level checksums CS1(13) to CS1(16) of the 13th to 16th data segments, and records the second-level checksum CS2(7) in the accompanying verification file. The above steps are repeated until the digital signature DS(7) of the second-level checksum CS2(7) is recorded in the accompanying verification file (step S470), and the verificationcode generation circuit 120 then continues to step S480 to end the verification code generation method of this embodiment. - It should be noted that, if the frame rate of the video/audio stream is, for example, 30 FPS, and each data segment of the video/audio stream includes only one 0.5-second GOP, a one-minute video/audio stream can then include 120 data segments, or alternatively speaking, 120 GOPs (i.e., 120 GOP/min). Thus, for the one-minute video/audio stream, the verification
code generation circuit 120 can generate 120 first-level checksums, and assuming that W is 8 and N is 6, the verificationcode generation circuit 120 can further generate 20 second-level checksums and 20 digital signatures. Then, in regard to SHA-2 in a hash function standard, the length of one hash value is defined as 256 bits, which are equivalent to 32 bytes (i.e., 256 bits=32 bytes), and the lengths of one timestamp and one digital signature are respectively 32 bytes and 256 bytes. Thus, the 120 first-level checksums within this one minute include a total of 7,680 bytes, i.e., 120*(32+32)=7,680; the 20 second-level checksums and 20 digital signatures within this one minute respectively include totals of 5,760 bytes and 5,120 bytes, i.e., 20*(32+8*32)=5,760 and 20*256=5,120. That is to say, compared to the one-minute video/audio stream having a data size of approximately 200 MB, the accompanying verification file requires only approximately 18K bytes. Therefore, the verification code generation method of this embodiment does not bring noticeably loading to the overall system. - To further illustrate a verification process collaborating with the verification code generation method of this embodiment, the present invention further provides an embodiment for a subsequent verification method. Refer to
FIG. 6 showing a flowchart of a data verification method provided according to an embodiment of the present invention. It should be noted that, the data verification method inFIG. 6 can similarly be performed in theelectronic device 10 inFIG. 1 ; however, the present invention does not limit that the data verification method inFIG. 6 can be performed only in theelectronic device 10 inFIG. 1 . Alternatively speaking, the verification code generation method of the foregoing embodiment and the data verification method of this embodiment can be performed by the same electronic device, e.g., theelectronic device 10 inFIG. 1 , or be respectively performed by different electronic devices. In brief, the electronic device performing the data verification method of this embodiment needs to store the accompanying verification file of the foregoing embodiment. - Similarly, the data verification method in
FIG. 6 can be achieved by an application (not shown) having a plurality of instructions, and the application is referred to as a second application in this embodiment. Moreover, for illustration purposes, this embodiment is also performed by theelectronic device 10 inFIG. 1 . Thus, theelectronic device 10 inFIG. 1 can further include averification circuit 140 coupled to thestorage device 130, and the second application can similarly be stored in thestorage device 130 and is used for instructing theelectronic device 10 to perform the data verification method inFIG. 6 . That is to say, when theelectronic device 10 is installed with the second application, theelectronic device 10 can activate the data verification method inFIG. 6 . The present invention does not limit the specific implementation form of theverification circuit 140, nor does it limit the specific implementation forms of theelectronic device 10 regarding the installation of the second application and the activation of the data verification method inFIG. 6 . A person skilled in the art can carry out associated designs according to actual requirements and applications. - More specifically, after the
electronic device 10 activates the data verification method inFIG. 6 , as shown inFIG. 6 , in step S610, according to a starting time of a video/audio under verification, theverification circuit 140 identifies, from multiple first-level checksums in the accompanying verification file, a first-level checksum corresponding to the video/audio under verification. However, for illustration purposes, it is assumed in this embodiment that the video/audio under verification is one data segment inFIG. 3A ; however, the present invention is not limited to the above example. Furthermore, the first-level checksum corresponding to the video/audio under verification can include the first hash value of one data segment inFIG. 3A as well as the timestamp associated with the data segment. Thus, in this embodiment, theverification circuit 140 can determine by comparison whether the starting time of the video/audio under verification matches the timestamp of any one of the data segments inFIG. 3A to identify the first-level checksum corresponding to the video/audio under verification; however, the present invention is not limited to the above. - In step S620, the
verification circuit 140 can verify whether the video/audio under verification is correct according to the first hash value of the first-level checksum corresponding to the video/audio under verification. For example, assuming that the first-level checksum corresponding to the video/audio under verification refers to the first-level checksum CS1 (3) inFIG. 3A , theverification circuit 140 can use the same hash function to calculate the hash value of the video/audio under verification, and determine by comparison whether the hash value of the video/audio under verification is the same as the first hash value in the first-level checksum CS1 (3). If the two are the same, it means that the video/audio under verification is correct; if the two are different, it means that the video/audio under verification has been tampered. The operation principle of using a hash value for data verification is generally known to a person skilled in the art, and thus the associated details are not further described herein. - As shown in
FIG. 3A , the second-level checksum CS2(1) covering the first-level checksum CS1 (3) corresponding to the video/audio under verification includes a second hash value of multiple first hash values of the covered first-level checksums CS1(1) to CS1 (5), and multiple timestamps of the covered first-level checksums CS1(1) to CS1 (5). Thus, when the video/audio under verification refers to the 3rd data segment, given that theverification circuit 140 obtains the 1st, 2nd, 4th and 5th data segments, theverification circuit 140 can also verify according to the first hash values of the first-level checksums CS1 (1) to CS1 (5) and the second hash value of the second-level checksum CS2(1), whether the above parts of data have been tampered. Similarly, in this embodiment, theverification circuit 140 can further identify from the accompanying verification file the second-level checksum CS2(1) covering the first-level checksum CS1 (3) corresponding to the video/audio under verification, and use the same device key PK to verify whether the second-level checksum CS2(1) and the digital signature DS(1) associated with the second-level checksum CS2(1) are correct. In brief, with thorough understanding of the verification code generation method of the foregoing embodiment, a person skilled in the art could carry out associated designs of the subsequent verification method according to actual requirements or applications. - In conclusion, different from the prior art that divides an original video file completely stored into multiple frames and then individually performs hash processing on the frames, the verification code generation method of the embodiment of the present invention is capable of dynamically generating a verification code for a part of data in a situation where the electronic device is currently generating a video/audio stream. More particularly, when it is determined that once the encoding engine has generated a part of data of sufficient units by encoding, the verification code generation method of the embodiment of the present invention can real-time generate a first-level checksum associated with that part of data, and record the first-level checksum in the accompanying verification file. In addition, without processing a video/audio stream that is already completely stored, the verification code generation method of the embodiment of the present invention can again generate, at an interval of every N data segments, a second-level checksum for W consecutive first-level checksums and similarly record the second-level checksum in the accompanying verification file. Therefore, the verification code generation method of the embodiment of the present invention allows a subsequent verification method, e.g., the data verification method provided by the embodiment of the present invention, to quickly verify the integrity of a part of data according to the accompanying verification file. More particularly in a situation where a part of data is damaged or lost, the data verification method provided according to the embodiment of the present invention is still capable of verifying the undamaged part of data correctly.
- While the present invention has been described by way of the above embodiments, it is to be understood that the claim scope of the present invention is not limited thereto.
Claims (12)
- A verification code generation method, performed in an electronic device (10), the electronic device (10) for performing encoding to generate a video/audio stream having a plurality of data segments,
wherein each data segment of the video/audio stream includes at least one group of pictures (GOP) or at least one set of media data (mdat); wherein the data segments are not limited to individually include the same quantity of group of pictures (GOP) or media data (mdat), and the quantity of group of pictures (GOP) or media data (mdat) included in each data segment is dynamically determined according to an operation capability of the electronic device (10); and
wherein the verification code generation method comprising:each time a data segment of the data segments is completely generated by encoding, generating a first-level checksum (CS1) associated with the data segment, and recording the first-level checksum (CS1) in an accompanying verification file; andat an interval of every N data segments of the data segments, generating a second-level checksum (CS2) for W consecutive first-level checksums (CS1), and recording the second-level checksum (CS2) in the accompanying verification file, where W is a positive integer greater than or equal to 2, and N is a positive integer greater than 0 and smaller than or equal to W. - The verification code generation method according to claim 1, wherein the first-level checksum (CS1) of the data segment comprises a first hash value associated with the data segment, and the second-level checksum (CS2) comprises a second hash value of the first hash values of the covered first-level checksums (CS1).
- The verification code generation method according to claim 2, wherein the first-level checksum (CS1) of the data segment further comprises a timestamp associated with the data segment, and the second-level checksum (CS2) further comprises the timestamps of the covered first-level checksums (CS1).
- The verification code generation method according to claim 3, wherein the step of generating the second-level checksum (CS2) and recording the second-level checksum (CS2) in the accompanying verification file further comprises:
using a device key (PK) to sign the second-level checksum (CS2) to generate a digital signature associated with the second-level checksum (CS2), and recording the digital signature in the accompanying verification file. - A data verification method, performed in an electronic device (10),
wherein an encoding engine (110) of the electronic device (10) is for performing encoding to generate a video/audio stream having multiple data segments; wherein each data segment of the video/audio stream includes at least one group of pictures (GOP) or at least one set of media data (mdat), wherein the data segments are not limited to individually include the same quantity of group of pictures (GOP) or media data (mdat), and the quantity of group of pictures (GOP) or media data (mdat) included in each data segment is dynamically determined according to an operation capability of the electronic device (10),
wherein
the electronic device (10) having an accompanying verification file stored therein, the accompanying verification file recording a plurality of first-level checksums (CS1) associated with a plurality of data segments of a video/audio stream, the accompanying verification file recording, at an interval of every N data segments of the data segments, a second-level checksum (CS2) associated with W consecutive first-level checksums (CS1), W being a positive integer greater than or equal to 2, N being a positive integer greater than 0 and smaller than or equal to W, the data verification method comprising:identifying, from the first-level checksums (CS1) in the accompanying verification file, a first-level checksum (CS1) corresponding to a video/audio under verification according to a starting time of the video/audio under verification, the first-level checksum (CS1) comprising a first hash value associated with one data segment of the data segments and a timestamp associated with the data segment; andverifying, according to the first hash value of the first-level checksum (CS1) corresponding to the video/audio under verification, whether the video/audio under verification is correct, wherein the second-level checksum (CS2) covering the first-level checksum (CS1) corresponding to the video/audio under verification comprises a second hash value of the first hash values of the covered first-level checksums (CS1) and the timestamps of the covered first-level checksums (CS1). - The data verification method according to claim 5, wherein, with respect to the second-level checksum (CS2) covering the first-level checksum (CS1) corresponding to the video/audio under verification, the accompanying verification file further records a digital signature associated with the second-level checksum (CS2), the data verification method further comprising:identifying, from the accompanying verification file, the second-level checksum (CS2) covering the first-level checksum (CS1) corresponding to the video/audio under verification; andusing a device key (PK) to verify whether the second-level checksum (CS2) and the digital signature associated with the second-level checksum (CS2) are correct.
- An electronic device (10), comprising:an encoding engine (110), for performing encoding to generate a video/audio stream having a plurality of data segments;wherein each data segment of the video/audio stream includes at least one group of pictures (GOP) or at least one set of media data (mdat), wherein the data segments are not limited to individually include the same quantity of group of pictures (GOP) or media data (mdat), and the quantity of group of pictures (GOP) or media data (mdat) included in each data segment is dynamically determined according to the operation capability of the electronic device (10);a verification code generation circuit (120); andat least one storage device (130), storing a first application, the first application for instructing the electronic device (10) to perform a verification code generation method, wherein the verification code generation method comprises:each time a data segment of the data segments is completely generated by encoding performed by the encoding engine (110), the verification code generation circuit (120) generating a first-level checksum (CS1) associated with the data segment, and recording the first-level checksum (CS1) in an accompanying verification file; andat an interval of every N data segments of the data segments, the verification code generation circuit (120) generating a second-level checksum (CS2) for W consecutive first-level checksums (CS1), and recording the second-level checksum (CS2) in the accompanying verification file, where W is a positive integer greater than or equal to 2, and N is a positive integer greater than 0 and smaller than or equal to W.
- The electronic device (10) according to claim 7, wherein the first-level checksum (CS1) of the data segment comprises a first hash value associated with the data segment, and the second-level checksum (CS2) comprises a second hash value of the first hash values of the covered first-level checksums (CS1).
- The electronic device (10) according to claim 8, wherein the first-level checksum (CS1) of the data segment further comprises a timestamp associated with the data segment, and the second-level checksum (CS2) further comprises the timestamps of the covered first-level checksums (CS1).
- The electronic device (10) according to claim 9, wherein the step of generating the second-level checksum (CS2) and recording the second-level checksum (CS2) in the accompanying verification file further comprises:
using, by the verification code generation circuit (120), a device key (PK) to sign the second-level checksum (CS2) to generate a digital signature associated with the second-level checksum (CS2), and recording the digital signature in the accompanying verification file. - The electronic device (10) according to claim 10, further comprising a verification circuit (140), the at least one storage device (130) further storing a second application, the second application being for instructing the electronic device (10) to perform a data verification method, wherein the data verification method comprises:the verification circuit (140) identifying, from the first-level checksums (CS1) in the accompanying verification file, a first-level checksum (CS1) corresponding to a video/audio under verification according to a starting time of the video/audio under verification; andverifying, according to the first hash value of the first-level checksum (CS1) corresponding to the video/audio under verification whether the video/audio under verification is correct.
- The electronic device (10) according to claim 11, wherein the data verification method further comprises:identifying, from the accompanying verification file, the second-level checksum (CS2) covering the first-level checksum (CS1) corresponding to the video/audio under verification; andusing a device key (PK) to verify whether the second-level checksum (CS2) and the digital signature associated with the second-level checksum (CS2) are correct.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19173251.0A EP3737109B1 (en) | 2019-05-08 | 2019-05-08 | Verification code generation method, data verification method and electronic device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19173251.0A EP3737109B1 (en) | 2019-05-08 | 2019-05-08 | Verification code generation method, data verification method and electronic device |
Publications (2)
Publication Number | Publication Date |
---|---|
EP3737109A1 EP3737109A1 (en) | 2020-11-11 |
EP3737109B1 true EP3737109B1 (en) | 2024-03-20 |
Family
ID=66448456
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19173251.0A Active EP3737109B1 (en) | 2019-05-08 | 2019-05-08 | Verification code generation method, data verification method and electronic device |
Country Status (1)
Country | Link |
---|---|
EP (1) | EP3737109B1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112765124A (en) * | 2020-12-30 | 2021-05-07 | 深圳市捷顺科技实业股份有限公司 | Checking method for automatic checking data and server |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170147830A1 (en) * | 2015-11-24 | 2017-05-25 | Comcast Cable Communications, Llc | Adaptive Rights Management System |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0976221B1 (en) * | 1997-04-14 | 2004-04-14 | Siemens Aktiengesellschaft | Method and system for producing and checking a hash total for digital data grouped in several data segments |
US7043637B2 (en) * | 2001-03-21 | 2006-05-09 | Microsoft Corporation | On-disk file format for a serverless distributed file system |
US7581094B1 (en) * | 2003-07-09 | 2009-08-25 | Hewlett-Packard Development Company, L.P. | Cryptographic checksums enabling data manipulation and transcoding |
US7624335B1 (en) * | 2005-10-13 | 2009-11-24 | Data Domain, Inc. | Verifying a file in a system with duplicate segment elimination using segmention-independent checksums |
JP4767057B2 (en) * | 2006-03-27 | 2011-09-07 | 富士通株式会社 | Hash value generation program, storage management program, determination program, and data change verification device |
US10303887B2 (en) * | 2015-09-14 | 2019-05-28 | T0.Com, Inc. | Data verification methods and systems using a hash tree, such as a time-centric merkle hash tree |
-
2019
- 2019-05-08 EP EP19173251.0A patent/EP3737109B1/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170147830A1 (en) * | 2015-11-24 | 2017-05-25 | Comcast Cable Communications, Llc | Adaptive Rights Management System |
Also Published As
Publication number | Publication date |
---|---|
EP3737109A1 (en) | 2020-11-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11330345B2 (en) | Verification code generation method, data verification method and electronic device | |
CN109951290B (en) | Time service authentication method, device and equipment for chain type account book | |
US20180157700A1 (en) | Storing and verifying event logs in a blockchain | |
US20120096564A1 (en) | Data integrity protecting and verifying methods, apparatuses and systems | |
CN103106068B (en) | Internet of things big data fast calibration method | |
CN110061843B (en) | Block height creating method, device and equipment in chain type account book | |
CN110059084B (en) | Data storage method, device and equipment | |
CN110019278B (en) | Data verification method, device and equipment | |
CN110008203B (en) | Data clearing method, device and equipment | |
CN110046281B (en) | Data adding method, device and equipment | |
WO2020199713A1 (en) | Data verification method, system, apparatus, and device | |
EP3737109B1 (en) | Verification code generation method, data verification method and electronic device | |
CN108810112A (en) | A kind of node synchronization method and device of market surpervision block catenary system | |
CN111913978A (en) | Block deleting method, device and system | |
CN113065169A (en) | File storage method, device and equipment | |
JP2007052516A (en) | Recording device | |
WO2020244240A1 (en) | Compression method for blockchain ledger, device, and equipment | |
CN108573172B (en) | Data checking and storing method and device | |
CN110620950B (en) | Method, device and equipment for storing audio and video files | |
US20110055179A1 (en) | System for and method of partial file hashing | |
US7876480B2 (en) | Apparatus, method, and computer program for processing information | |
CN110719494B (en) | Method and system for preventing CDN streaming media data from being tampered | |
CN109597566A (en) | A kind of reading data, storage method and device | |
CN109040827B (en) | Video file playing method, storage medium and intelligent terminal | |
CA2583755C (en) | Devices and methods for checking and determining control values |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20210510 |
|
RBV | Designated contracting states (corrected) |
Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20221102 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
RAP3 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: GETAC HOLDINGS CORPORATION |
|
INTG | Intention to grant announced |
Effective date: 20231024 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
RAP3 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: GETAC HOLDINGS CORPORATION |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602019048491 Country of ref document: DE |